<?php
    include_once('config.php');

    //获取session存放的用户信息
    $id = isset($_SESSION['id']) ? $_SESSION['id'] : 0;
    $username = isset($_SESSION['username']) ? $_SESSION['username'] : '';

    $sql = "select * from `pre_admin` where `id` = $id and  `username` = '$username'";

    $data = find($sql);
    
    if (!$data){
        //说明session被人伪造了，伪造就说明是非法，非法就要删除
        //删除所有的session数据
        session_destroy();
        ShowMsg('非法登录','login.php');
        exit;
    }


?>